Home Features A CEO’s Guide to Cybersecurity

A CEO’s Guide to Cybersecurity

The CEO should make sure a risk management committee is constituted at the board level where IT and information security threats, risks, and mitigation plans can be discussed.

CEO, cybersecurity, CISO, Future of the CISO

Agile methodologies and cloud-based services and models have become popular, and in accordance with this change, the c-suite has restructured processes within their organizations. Microservice architectures are facilitating super-fast delivery of even large, intricate, multi-faceted applications. There is a rise in DevOps teams going the continuous integration/continuous delivery (CI/CD) way to stay flexible, scalable, and relevant. However, these changes are presenting Chief Executive Officers (CEOs) with both opportunities and security risks. Traditional controls need a revamp to meet fast-changing cybersecurity requirements.

By Ram Mohan, President and CEO of Infrastructure Management and Security Services Business Division, Happiest Minds Technologies

The COVID-19 pandemic has further accentuated the role of CEOs in securing the enterprise. Maintaining the security of their network in this digitally advanced age is becoming challenging, but a truth that cannot be avoided. Hence, senior executives must develop a strong foundation of security realities and make sure the organization is prepared to identify and defend cyberthreats.

Cybersecurity Threats Lurking in Every Organization

External threats to organizations are increasing in the form of malware and ransomware. Virus attacks carry the potential of self-replicating throughout the network. Cybercriminals have also been using spyware to secretly track and collate user information. CEOs need to be aware of these threats and invest in advanced endpoint security solutions. In addition to making software updates and patches mandatory, leadership teams should run effective awareness programs to train employees to identify suspicious behavior on their devices and distinguish between genuine and spam or phishing e-mails.

Considering the significant growth in the number of internal attacks, the importance of training and awareness programs cannot be stressed enough. Social networking sites and platforms have further increased this risk. Cyber awareness workshops can help avoid accidental leakage of confidential information, the company’s intellectual property (IP), customer credentials, and other private information to the external world.

Proper, ethical usage of software licenses is extremely important. Decision-makers should ensure the enterprise has the right controls to block non-secure downloads. Users should be made aware of the consequences of downloading pirated and illegal software versions—the way it can ruin the reputation of the brand, cause legal and financial complications due to lawsuits, etc.

Adherence to the General Data Privacy Regulation (GDPR) and various country- and state-specific mandates that safeguard user and data privacy is becoming quite a challenge for organizations. While having legal counsel on board is a must, it is time that CEOs also stay up-to-date on the constantly evolving regulations and drive necessary changes across the organization. Protecting personally identifiable information (PII) of customers and employees should be considered a moral obligation. The goal should be to fully secure the enterprise and implement security best practices to eliminate privacy breaches. Proactively establishing robust data protection controls and having a strong incident response plan will help improve the organization’s security posture.

Digital Transformation in the Pandemic Era

Quite a few companies have transitioned from need-based work-from-home options to a 100% remote workforce due to the pandemic. This, however, seems to be an ideal environment for hackers and cybercriminals. There has been an increase in cyberattacks, phishing campaigns, cyber espionage, and other interruptions to business. While it does look like the pandemic is here to stay a little longer, business leaders need to be prepared for continued work from home and other new situations caused by COVID-19.

Investments in Secure Access Service Edge (SASE), zero-trust network access (ZTNA), and other cloud-based security models are witnessing increased adoption. CEOs need to make the right investments that will not only offer the highest level of security but also offer ease of use and uninterrupted access to authorized assets and applications, irrespective of user and application location.

Cybersecurity should be considered a crucial element in digital transformation initiatives. DevSecOps embeds security at every step in the software development lifecycle, and business leaders must give this concept serious thought. A change in mindset toward security investments as business enablers and innovation accelerators will help organizations realize the complete benefits from new initiatives. By embedding security into every new system, process and application, and streamlining risk-modeling practices, teams will be able to proactively mitigate and manage cyberthreats before damage is caused to the business — its users, data, and reputation.

Board-level Cybersecurity Discussions for Better Threat Management

The CEO should make sure a risk management committee is constituted at the board level where IT and information security threats, risks, and mitigation plans can be discussed. Constantly assessing risks and then communicating derived insights during board-level meetings helps plan security management budgets and investments better. Engaging in these discussions at the leadership level offers all decision-makers a better understanding of how their respective departments contribute toward the enterprise’s overall cyber risk. Business leaders should be fully aware of the security challenges that can affect the organization and its stakeholders. They should be prepared to address and mitigate known and unknown cyber threats and attacks that can impact the business.

Awareness of the organization’s risk posture can help CEOs and Chief Information Security Officers (CISOs) define an effective risk management policy. It can enable them to rethink and reallocate security spends wisely. It is the right time to automate, fast-track, and redefine the threat defense lifecycle to counter sophisticated cyberattack vectors. The c-suite should set up top-down cybersecurity policies so that every participant consciously contributes toward lowering cyberthreats and risks.

The Way Forward

A pandemic in the digital era has offered social engineering fraudsters and hackers the desired environment. But it has also driven C-suite executives to relook at their digital transformation initiatives and restructure them to include security as an essential element of everyday operations. The challenging time calls for stronger collaboration between CEOs, CISOs, and other decision-makers in the organization. They need to act fast—invest in powerful cybersecurity tools and technologies, traverse the DevSecOps path if they haven’t done so yet, upgrade the organization’s cybersecurity insurance, and drive awareness to have cybersecurity-aware employees and leaders.

About the Author

Ram Mohan is currently working as President and CEO of Infrastructure Management and Security Services Business Division in Happiest Minds Technologies. He is also a member of the Executive Board of Happiest Minds.

Prior to Happiest Minds, Ram was EVP and Global Head of IMS, Enterprise Integration, Mainframe services and APAC business in Mindtree Ltd. He was CISO for Mindtree and also was responsible for Automation Initiative across the organization. He is the winner of the coveted Chairman’s award in Mindtree and is a CSO 100 award winner.

Ram has 30+ years of experience in Infrastructure Management and Tech Support. He has been in senior management positions for the last 20 years. Ram also worked in the Support division of Wipro for 11 years in various capacities from customer support to business development. He helped the formation of Wipro’s Global Support division in 1997, now the Global Infrastructure Services division.

Ram holds a Bachelor of Electronics Engineering degree with distinction from Bangalore University.


Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.